This is because on Debian, the binaries from these packages used to end with a version number, e.g. However, the workaround for the false positive doesn't work. The chkrootkit package's /etc/cron.daily/chkrootkit script has a workaround for this which tries to replace the PID with a static string.

Or try one of the virtual PC programs from Microsoft; they somewhat virtualize Windows in a different way.

The isc-dhcp-client and isc-dhcp-server packages (DHCP client and server) re-run their daemons regularly and cause a "packet sniffer" false positive.

Get some of the VMware images online to run Windows inside of a virtual machine; it might take a while to reinstall a new copy of XP inside the VM. Sure, it'll be annoying, but once you feel the program is safe you can move it to your working PC or turn down the antivirus warnings a bit.

You should also run antivirus in its strongest protection mode; make it confirm every program name change, file delete, create, etc. I have heard that iTunes doesn't like to be run under a debugger, but a packet monitor, huh. I've never seen a program that doesn't like packet monitors; sounds like a suspicious program. If you're on Wi-Fi then you'll see all the traffic. Sometimes I disconnect the Internet and start up a packet monitor on another PC and put it on the same wire (use a hub, not a switch). Are both packet capture programs relying on WinPcap? Is that what's being detected? There's a site called AnalogX that has a network monitor that might not be detected. It might help if you continuously run "netstat -ano" and cross-check the new processes that show up and what ports and IP addresses they are connecting to.